Search Engine: Elastic

Article ID: 131773, created on Nov 14, 2017, last review on Nov 14, 2017

  • Applies to:
  • Operations Automation 7.1

Symptoms

Communication over private networks is broken for some customers in the OACI infrastructure.

Traffic captures show ARP response coming from some foreign MAC address that are outside of OACI.

Cause

Two different Virtuozzo infrastructures are joined into the same internal network. Virtuozzo 7 nodes have proxy_arp feature enabled by default, which entails responding to any ARP requests for IPs that are outside of backnet NIC network, but are reachable over other NICs.

Resolution

The issue is specific to Virtuozzo 7 networking.

As a fast workaround, proxy_arp feature should be disabled on the Virtuozzo 7 nodes that are inside the same network as OACI nodes, but are not registered in OACI:

# sysctl -w net.ipv4.conf.all.proxy_arp=0

Note that disabling proxy_arp feature breaks host-routed network connectivity for Virtuozzo virtual machines. It will only be possible to use bridged network type for VMs.

5356b422f65bdad1c3e9edca5d74a1ae caea8340e2d186a540518d08602aa065 e12cea1d47a3125d335d68e6d4e15e07 8c199f0ee4305da1a577740620df4a51 1941880841f714e458ae4dc3d9f3062d

Email subscription for changes to this article
Save as PDF